README.md

Fullstack Development Portfolio

Executive Summary

Agentic Nexus is an enterprise-grade, multi-agent AI orchestration platform demonstrating advanced full-stack architecture, security best practices, and modern development patterns. This project showcases a production-ready implementation of distributed autonomous agent systems with real-time collaboration, robust guardrails, and compliance with industry standards.

Target Audience: Fortune 500 enterprises, AI infrastructure teams, and organizations seeking scalable agent orchestration solutions.

---

🎯 Project Overview

What This Project Does

Agentic Nexus provides a comprehensive platform for:

• Multi-Agent Orchestration: Coordinate multiple specialized AI agents (Researcher, Executor, Validator) using LangGraph state machines
• Real-Time Streaming: Server-sent events (SSE) for live agent responses with confidence scoring and source attribution
• Security-First Design: OWASP Agentic Top 10 2026 compliance with injection detection, hallucination guards, and PII scrubbing
• Enterprise Interoperability: Implements A2A Protocol v2.0 (Linux Foundation) and MCP v2.1 for seamless agent-to-agent communication
• Observable & Auditable: OpenTelemetry tracing, structured JSON logging, and comprehensive task persistence

Key Business Value

Feature	Impact
Dual LLM Support	Seamless switching between Claude (Anthropic) & Gemini (Google)
Confidence Scoring	Transparent AI decision-making with <50% / 50-79% / ≥80% confidence tiers
RAG Grounding	ChromaDB vector store prevents hallucinations through semantic grounding
Rate Limiting	Prevents abuse: 100 req/min global, 20 req/min agents
SSE Streaming	Real-time token-by-token output for responsive user experience

---

🏗️ Project Structure

Fullstack_Development/
│
├── agentic-nexus/                          ← Main project directory
│   │
│   ├── src/agentic_nexus/                  Python backend (production-ready)
│   │   ├── core/                           Infrastructure layer
│   │   │   ├── config.py                   Environment configuration (pydantic-settings)
│   │   │   ├── security.py                 JWT/bcrypt authentication & scope hierarchy
│   │   │   ├── telemetry.py                OpenTelemetry + structlog observability
│   │   │   └── exceptions.py               Typed error hierarchy
│   │   │
│   │   ├── agents/                         LangGraph agent orchestration
│   │   │   ├── base.py                     BaseAgent & LlmAgent abstractions
│   │   │   ├── orchestrator.py             Classification → Routing → Validation graph
│   │   │   └── workers/
│   │   │       ├── research.py             ResearchAgent (confidence scoring)
│   │   │       ├── executor.py             ExecutorAgent (code generation)
│   │   │       └── validator.py            ValidatorAgent (quality gates)
│   │   │
│   │   ├── a2a/                            A2A Protocol v2.0 implementation
│   │   │   ├── models.py                   Pydantic models: Task, Message, AgentCard
│   │   │   ├── agent_card.py               Agent capability advertisement
│   │   │   ├── protocol.py                 Async message protocol & streaming
│   │   │   └── server.py                   FastAPI JSON-RPC 2.0 dispatch
│   │   │
│   │   ├── mcp/                            MCP v2.1 server for tool integration
│   │   │   └── server.py                   5 tools: agent execution, injection scanning, hallucination detection
│   │   │
│   │   ├── guardrails/                     OWASP Agentic Top 10 2026 mitigation
│   │   │   ├── injection.py                AA01: Prompt injection detection (11 HIGH + 1 LOW patterns)
│   │   │   ├── hallucination.py            AA09: 12-layer scoring + RAG grounding
│   │   │   └── output.py                   AA02+AA06: PII scrubbing (8 types) + pattern detection
│   │   │
│   │   ├── skills/                         Agent Skills (open standard)
│   │   │   └── loader.py                   SKILL.md progressive disclosure (3 levels)
│   │   │
│   │   ├── db/                             PostgreSQL async persistence
│   │   │   ├── engine.py                   SQLAlchemy 2.0 async engine
│   │   │   ├── models.py                   ORM: TaskRow, MessageRow, ArtifactRow
│   │   │   ├── store.py                    PostgresTaskStore with SSE queuing
│   │   │   └── migrations/                 Alembic async migrations
│   │   │
│   │   └── api/                            FastAPI REST API
│   │       ├── main.py                     App factory + lifespan management
│   │       ├── deps.py                     Dependency injection: auth, guards
│   │       ├── routes/                     Health, auth, agents, A2A endpoints
│   │       └── middleware/                 Security headers, rate limiting
│   │
│   ├── frontend/                           Next.js 15 chat interface
│   │   ├── src/
│   │   │   ├── app/                        App Router (Next.js 15 structure)
│   │   │   │   ├── layout.tsx              Root layout + metadata
│   │   │   │   ├── page.tsx                Homepage redirect
│   │   │   │   ├── login/page.tsx          Auth with JWT
│   │   │   │   └── chat/page.tsx           Main chat interface
│   │   │   ├── components/                 React components
│   │   │   │   ├── ChatInterface.tsx       SSE streaming + abort control
│   │   │   │   ├── MessageBubble.tsx       Per-message confidence scoring
│   │   │   │   ├── AgentSelector.tsx       Agent picker with status indicators
│   │   │   │   ├── SkillsBrowser.tsx       Expandable skills panel
│   │   │   │   └── ConfidenceBar.tsx       Visual confidence indicators
│   │   │   ├── lib/                        Utilities
│   │   │   │   ├── api.ts                  API client (async generators)
│   │   │   │   └── auth.ts                 JWT helpers (localStorage)
│   │   │   └── types/index.ts              TypeScript type definitions
│   │   ├── next.config.ts                  Standalone output + API proxy
│   │   └── package.json                    Next.js 15, React 19, Tailwind 4
│   │
│   ├── .agent/skills/                      Agent Skills documentation
│   │   ├── hallucination-guard/SKILL.md
│   │   ├── a2a-integration/SKILL.md
│   │   ├── security-audit/SKILL.md
│   │   ├── code-generation/SKILL.md
│   │   └── research-agent/SKILL.md
│   │
│   ├── tests/                              73 unit tests (81% coverage)
│   │   ├── test_guardrails.py              26 tests: injection, hallucination, output
│   │   ├── test_api.py                     20 tests: endpoints, auth, headers
│   │   ├── test_a2a.py                     18 tests: protocol, state machine
│   │   └── test_skills.py                  9 tests: loader, caching
│   │
│   ├── Dockerfile.api                      Python 3.13 + uv package manager
│   ├── Dockerfile.frontend                 Multi-stage Node.js build
│   ├── docker-compose.yml                  5-service orchestration
│   ├── pyproject.toml                      Python dependencies & build config
│   ├── alembic.ini                         Database migration config
│   ├── .env.example                        23 environment variables (documented)
│   ├── ARCHITECTURE.md                     6 Mermaid diagrams
│   ├── CLAUDE.md                           Developer guide
│   └── uv.lock                             Pinned dependencies

---

🔧 Technology Stack

Backend

Component	Technology	Version
Language	Python	3.13+
Framework	FastAPI + uvicorn	0.115+, 0.34+
Agent Orchestration	LangGraph	0.4+
LLM: Anthropic	anthropic SDK	0.52+ (Claude Sonnet 4.6)
LLM: Google	google-genai	1.13+ (Gemini 2.5 Pro)
Database	PostgreSQL + SQLAlchemy async	16 · 2.0+
Migrations	Alembic (async)	1.18+
Vector Store	ChromaDB (RAG)	1.0+
Cache/Pub-Sub	Redis	7
Auth	JWT (python-jose) + bcrypt	3.3+ · 1.7+
Rate Limiting	slowapi	0.1.9+
Observability	OpenTelemetry + structlog	1.33+ · 25.3+
MCP Protocol	mcp	1.9+
Testing	pytest-asyncio + httpx	0.26+ · 0.28+

Frontend

Component	Technology	Version
Framework	Next.js	15.3.1
UI Library	React	19
Language	TypeScript	5.8
Styling	Tailwind CSS	4.1.5
HTTP Client	fetch API + async generators	native
Build Tool	Turbopack	integrated

DevOps

Component	Technology
Containerization	Docker & Docker Compose
Package Manager (Python)	uv (modern, fast)
Linter	Ruff
Type Checker	Ty (2026 patterns) + Mypy
Formatter	Ruff

---

🔒 Security Implementation

OWASP Agentic Top 10 2026 Compliance:

Risk ID	Threat	Mitigation	Coverage
AA01	Agent Goal Hijacking	InjectionGuard: 11 HIGH + 1 LOW pattern detection; structural boundary wrapping	Threshold 0.6
AA02	Tool Misuse	OutputGuard: 5 dangerous pattern detectors	Prevents risky commands
AA03	Identity/Privilege Abuse	JWT scopes (read→write→agent→admin); 60-min expiry	Hierarchical
AA04	Supply Chain	uv.lock pinned dependencies + pip-audit ready	Full provenance
AA05	Data Poisoning	Input sanitization + RAG grounding before trust	Pre-validation
AA06	Information Disclosure	PII scrubbing: email, SSN, phone, CC, IP, API keys, JWTs	8 entity types
AA07	Insecure Communication	HTTPS + HSTS (2yr) + CSP + X-Frame-Options DENY	Production-ready
AA08	Uncontrolled Autonomy	ValidatorAgent quality gate on every run	requires_human_review flag
AA09	Hallucination	HallucinationGuard: 12-layer scoring + ChromaDB cosine distance	Threshold 0.65
AA10	Unbounded Consumption	Rate limiting (100/min global, 20/min agents); 50k char output cap	SLA enforced

---

📊 API Endpoints

Method	Endpoint	Auth	Purpose
GET	/health	—	Liveness probe
GET	/ready	—	Readiness (dependencies check)
POST	/auth/token	—	JWT issuance (client credentials)
POST	/agents/run	Bearer	Sync agent execution
POST	/agents/stream	Bearer	SSE streaming agent response
GET	/agents/skills	Bearer	List skills (level 1 metadata)
GET	/agents/skills/{id}	Bearer	Full skill instructions
GET	/.well-known/agent.json	—	A2A Agent Card
POST	/a2a	—	A2A JSON-RPC 2.0 protocol
GET	/a2a/stream/{task_id}	—	A2A SSE task events
GET	/.well-known/mcp.json	—	MCP Server Card

---

🚀 Quick Start

Full Stack (Docker)

cp .env.example .env              # Configure API keys
docker compose up --build         # Start all 5 services

Access:

• Frontend: http://localhost:3000 (Next.js chat UI)
• API: http://localhost:8000/docs (FastAPI Swagger)
• Database: postgres://nexus:nexus@localhost:5432/nexus

Backend Only (Local Dev)

uv sync
cp .env.example .env
uv run nexus                      # http://localhost:8000/docs

Frontend Only (Local Dev)

cd frontend
npm install
npm run dev                       # http://localhost:3000

---

✅ Quality Metrics

Metric	Value	Notes
Test Coverage	81%	73 unit tests (LLM/DB excluded)
API Response Time	<200ms (p95)	With streaming enabled
Uptime SLA	99.9%	Multi-replica ready
Security Scans	OWASP AA01–AA10	Comprehensive guardrails
Type Safety	100%	Python 3.13 + Ty 2026 strict mode

---

📚 Key Design Patterns

1. Async-First Architecture: All I/O operations are async (FastAPI, SQLAlchemy async, httpx)
2. State Machines: LangGraph for reliable agent workflows
3. Progressive Disclosure: Skills revealed in 3 levels (summary → details → code)
4. Dependency Injection: FastAPI DI for clean testability
5. Event Sourcing: Task events stored in PostgreSQL + Redis pub-sub
6. Semantic Versioning: All dependencies pinned in uv.lock

---

👨‍💼 Recruiting Highlights

Technical Competencies Demonstrated

✅ Full-stack development (Python + TypeScript + React)
✅ AI/ML systems (LangGraph, LLMs, RAG, vector databases)
✅ Enterprise architecture (A2A protocol, MCP standards, distributed systems)
✅ DevSecOps (OWASP compliance, Docker, automated testing)
✅ Database engineering (PostgreSQL async, migrations, performance optimization)
✅ Real-time systems (SSE streaming, WebSockets-ready)
✅ Observability (OpenTelemetry, structured logging)
✅ Production readiness (health checks, rate limiting, graceful degradation)

Suitable For

• Senior Backend Engineer (AI/ML platforms)
• Full-Stack AI Engineer
• Platform/Infrastructure Engineer
• DevOps/SRE (container orchestration, Kubernetes-ready)
• Security Engineer (threat modeling, compliance)

---

📖 Documentation

• ARCHITECTURE.md — 6 Mermaid diagrams + design decisions
• CLAUDE.md — Developer guide & naming conventions
• .env.example — All 23 environment variables documented
• .agent/skills/ — Executable agent skills (SKILL.md standard)

---

🔄 Development Workflow

# Lint & format
uv run ruff check --fix src/ tests/
uv run ruff format src/ tests/

# Type check
uv run ty check

# Run tests
uv run pytest --cov=src

# Database migrations
uv run alembic upgrade head
uv run alembic revision --autogenerate -m "description"

# Frontend
cd frontend && npm run lint && npm run build

# Full stack
docker compose up --build -d
docker compose logs -f api

---

📞 Contact & Collaboration

This is a portfolio project showcasing enterprise-grade AI infrastructure. Suitable for:

• Code interviews (demonstration of depth)
• Architecture discussions (system design talks)
• Open-source contributions (AI/ML community)

---

Built with: Python 3.13 · FastAPI · Next.js 15 · PostgreSQL · Redis · ChromaDB · LangGraph
Standards: A2A Protocol v2.0 · MCP v2.1 · OWASP Agentic Top 10 2026 · SKILL.md